|
- Create the home directory for the SSL started task (the default
is /etc/gskssl/server)
- Copy the sample envar file (gsksrvr.envar) from /usr/lpp/gskssl/examples/
to /etc/gskssl/server/ with a new file name of "envar". By default,
the full path is /etc/gskssl/server/envar (change the directory name
to match the home directory created). Modify the LANG, TZ, and NLSPATH
values to meet local installation requirements.
- Copy the sample started procedure from GSK.SGSKSAMP(GSKSRVR) to
SYS1.PROCLIB(GSKSRVR)
Note: The sample started task procedure routes
informational messages, such as GSK01001I, to standard out, while
error messages, such as GSK01015E are routed to standard error. If
you want to route informational and error messages to the same place
in the job log, change: // / 1>DD:STDOUT 2>DD:STDERR')
to // / >DD:STDOUT 2>&1')
- Create the GSKSRVR user and associate it with the GSKSRVR started
procedure. Replace 'nnnnnn' in the ADDUSER command with a non-zero
value which is not assigned to another user.
ADDUSER GSKSRVR DFLTGRP(SYS1) NOPASSWORD OMVS(UID(nnnnnn) PROGRAM(/bin/sh) HOME(/etc/gskssl/server))
RDEFINE STARTED GSKSRVR.** STDATA(USER(GSKSRVR) GROUP(SYS1) TRUSTED)
SETROPTS RACLIST(STARTED) REFRESH
- Ensure that the pdsename.SIEALNKE and CEE.SCEERUN data sets are
APF-authorized and are either in the link list concatenation or are
specified as a STEPLIB for the GSKSRVR procedure.
- Optionally, set up a message processing exit to automatically
start the GSKSRVR started task. The GSK.SGSKSAMP(GSKMSGXT) program
is a sample message processing exit for this purpose. To activate
the exit, add this to the appropriate MPFLSTxx member in SYS1.PARMLIB.
BPXI004I,SUP(NO),USEREXIT(STARTSSL)
This
starts GSKSRVR when OMVS initialization is complete, assuming the
GSKMSGXT program was linked as STARTSSL and placed in a LNKLST data
set.
- Optionally, set up an automatic restart management (ARM) policy
for the GSKSRVR started task if the default ARM policy values are
not appropriate. The element type is SYSSSL and should be assigned
to restart level 2. The element name is GSKSRVR_sysname. For example,
the element name for the GSKSRVR started task on system DCESEC4 would
be GSKSRVR_DCESEC4. Since the normal operating mode is to run the
GSKSRVR started task on each system in the sysplex, the GSKSRVR started
task registers with ARM to be restarted only if the started task fails
and not if the current system fails. The TERMTYPE parameter of the
ARM policy can be used to override this registration if you want.
- If access to the ICSF callable services are protected with CSFSERV
class profiles on your system, the GSKSRVR user ID might need to be
given READ authority to call the ICSF CSFIQA and CSFPPRF callable
services. These services are protected by the CSFIQA and CSFRNG profiles.
If these callable services are protected with a generic CSF* profile
in the CSFSERV class, access can be granted by entering:
PERMIT CSF* CLASS(CSFSERV) ID(GSKSRVR) ACCESS(READ)
SETROPTS RACLIST(CSFSERV) REFRESH
|